django

mirror of https://github.com/django/django.git synced 2025-06-28 14:59:13 +00:00

Author	SHA1	Message	Date
Mariusz Felisiak	a37e4d5d6e	[3.2.x] Added stub release notes for 3.2.19. Backport of 18a7f2c711529f8e43c36190a5e2479f13899749 from main	2023-04-26 08:54:18 +02:00
Carlton Gibson	963f24cff2	[3.2.x] Added CVE-2023-24580 to security archive. Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main	2023-02-14 09:57:00 +01:00
Carlton Gibson	e34a2283f2	[3.2.x] Post-release version bump.	2023-02-14 09:07:53 +01:00
Carlton Gibson	722e9f8a38	[3.2.x] Bumped version for 3.2.18 release. 3.2.18	2023-02-14 09:04:22 +01:00
Markus Holtermann	a665ed5179	[3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. Thanks to Jakob Ackermann for the report.	2023-02-07 10:39:25 +01:00
Carlton Gibson	932b5bd52d	[3.2.x] Added stub release notes for 3.2.18. Backport of 7e003428f96d616c1f77fed84882a95e63bc3644 from main	2023-02-07 10:14:53 +01:00
Mariusz Felisiak	c35a5788f4	[3.2.x] Added CVE-2023-23969 to security archive. Backport of 36e3eef7d5a4c88671d20a561788679d0d9c334c from main	2023-02-01 12:11:00 +01:00
Mariusz Felisiak	9bd8db3940	[3.2.x] Post-release version bump.	2023-02-01 10:00:34 +01:00
Mariusz Felisiak	aed1bb56d1	[3.2.x] Bumped version for 3.2.17 release. 3.2.17	2023-02-01 09:58:36 +01:00
Nick Pope	c7e0151fdf	[3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.	2023-02-01 09:48:18 +01:00
Mariusz Felisiak	9da46345d8	[3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on SQLite 3.37+. Use FlexibleFieldLookupDict which is case-insensitive mapping because SQLite 3.37+ returns some data type names upper-cased e.g. TEXT. Backport of 974e3b8750fe96c16c9c0b115a72ee4a2171df34 from main	2023-01-31 15:32:01 +01:00
Tim Graham	4c2b26174f	[3.2.x] Removed 'tests' path prefix in a couple tests. Backport of 694cf458f16b8d340a3195244196980b2dec34fd from main.	2023-01-31 15:28:16 +01:00
Carlton Gibson	d21543182d	[3.2.x] Adjusted release notes for 3.2.17. Backport of d8e1442ce2c56282785dd806e5c1147975e8c857 from main	2023-01-25 12:29:59 +01:00
Carlton Gibson	4e31d3ea55	[3.2.x] Added stub release notes for 3.2.17. Backport of 1df963ad2476726d63be132c0cee47e07b8250d7 from main	2023-01-25 12:02:29 +01:00
Stephen	238e8898ac	[3.2.x] Corrected passenv value for tox 4.0.6+. Backport of 34b328814976a2e2f7907361a494202763649f3f from main	2023-01-25 06:12:18 +01:00
Mariusz Felisiak	b381ab4906	[3.2.x] Disabled auto-created table of contents entries on Sphinx 5.2+. Auto-created table of contents entries for all domain objects (e.g. functions, classes, attributes, etc.) were added in Sphinx 5.2, see https://github.com/sphinx-doc/sphinx/issues/6316. An option to control new table of contents entries was added in Sphinx 5.2.3, see https://github.com/sphinx-doc/sphinx/pull/10886. Backport of 279967ec859a9a5240318cf29a077539b0e3139f from main	2022-12-29 06:15:37 +01:00
Nick Pope	f6f0699d01	[3.2.x] Removed obsolete doc reference to asyncio.iscoroutinefunction. Backport of 970f61fefb148284fb2af63b5cc844279254111a from main	2022-10-29 13:36:23 +02:00
Carlton Gibson	accdd0576d	[3.2.x] Added CVE-2022-36359 to security archive. Backport of 93d4c9ea1de24eb391cb2b3561b6703fd46374df from main	2022-10-04 10:13:25 +02:00
Carlton Gibson	7190b38b8d	[3.2.x] Post-release version bump.	2022-10-04 09:36:16 +02:00
Carlton Gibson	4c85beca9d	[3.2.x] Bumped version for 3.2.16 release. 3.2.16	2022-10-04 09:31:26 +02:00
Adam Johnson	5b6b257fa7	[3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions. Thanks to Benjamin Balder Bach for the report.	2022-09-27 10:17:34 +02:00
Carlton Gibson	33affaf0b6	[3.2.x] Added stub notes 3.2.16 release. Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main	2022-09-27 10:14:45 +02:00
Carlton Gibson	777362d74a	[3.2.x] Added CVE-2022-36359 to security archive. Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main	2022-08-03 09:11:02 +02:00
Carlton Gibson	eb5bdb461e	[3.2.x] Post-release version bump.	2022-08-03 09:03:45 +02:00
Carlton Gibson	653a7bd7b7	[3.2.x] Bumped version for 3.2.15 release. 3.2.15	2022-08-03 09:01:19 +02:00
Carlton Gibson	b3e4494d75	[3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. Thanks to Motoyasu Saburi for the report.	2022-08-03 08:48:33 +02:00
Mariusz Felisiak	cb7fbac9f8	[3.2.x] Fixed collation tests on MySQL 8.0.30+. The utf8_ collations are renamed to utf8mb3_* on MySQL 8.0.30+. Backport of 88dba2e3fd64b64bcf4fae83b256b4f6f492558f from main.	2022-08-01 09:30:48 +02:00
Mariusz Felisiak	840d009c06	[3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+. The utf8 character set (and related collations) is by default an alias for utf8mb3 on MariaDB 10.6+. Backport of 355ecd141671e34853d1ff99ffdb1a7fb95b4276 from main	2022-08-01 09:29:11 +02:00
Carlton Gibson	a5eba20f40	Adjusted release notes for 3.2.15. Backport of cadd864f6878c1c02a014589876ece166befdeb3 from main	2022-07-27 10:05:04 +02:00
Carlton Gibson	ad104fb50f	[3.2.x] Added stub release notes for 3.2.15 release. Backport of 0c1675781ec5944132fe5a475ca6064edc71bd81 from main	2022-07-27 09:34:30 +02:00
Mariusz Felisiak	22916c8c1f	[3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with MyISAM storage engine. Backport of 73766c118781a7f7052bf0a5fbee38b944964e31 from main.	2022-07-05 19:07:51 +02:00
Mariusz Felisiak	e1cfbe58b7	[3.2.x] Added CVE-2022-34265 to security archive. Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main	2022-07-04 10:34:52 +02:00
Mariusz Felisiak	605cf0d3f6	[3.2.x] Post-release version bump.	2022-07-04 08:53:51 +02:00
Mariusz Felisiak	746e88cc63	[3.2.x] Bumped version for 3.2.14 release. 3.2.14	2022-07-04 08:42:36 +02:00
Mariusz Felisiak	a9010fe555	[3.2.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report.	2022-07-04 08:41:33 +02:00
Mariusz Felisiak	3acf156be3	[3.2.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0. It's a regression in GEOS 3.8.0 fixed in GEOS 3.8.1. Backport of 863aa7541d30247e7eb7a973ff68a7d36f16dc02 from main	2022-07-01 19:07:10 +02:00
Mariusz Felisiak	4a5d98ee0a	[3.2.x] Bumped minimum Sphinx version to 4.5.0. Related Sphinx changes: - https://github.com/sphinx-doc/sphinx/pull/8898 - https://github.com/sphinx-doc/sphinx/issues/8326 Backport of ebf25555bbed3e9112d4b726575d60b242daf48a from main.	2022-06-27 08:45:07 +02:00
Mariusz Felisiak	1a9098166e	[3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+. sphinxcontrib-spelling 7.5.0+ includes captions of figures in the set of nodes for which the text is checked. Backport of ac90529cc58507d9a07610809a795ec5fc3cbf8c from main.	2022-06-27 08:10:48 +02:00
Mariusz Felisiak	37f4de2deb	[3.2.x] Added stub release notes for 3.2.14. Backport of b2eff16806057095c7dd3daa9402ad615e51627f from main	2022-06-27 07:23:46 +02:00
Mariusz Felisiak	7595f763a9	[3.2.x] Fixed test_request_lifecycle_signals_dispatched_with_thread_sensitive with asgiref 3.5.1+.	2022-06-22 10:02:31 +02:00
Mariusz Felisiak	2dc85ecf3e	[3.2.x] Fixed CoveringIndexTests.test_covering_partial_index() when DEFAULT_INDEX_TABLESPACE is set. Backport of aa8b9279e40da343f5b91e5aec07f868184056f4 from main	2022-06-21 11:45:42 +02:00
Mariusz Felisiak	a23c25d84a	[3.2.x] Fixed #33753 -- Fixed docs build on Sphinx 5+. Empty language is not supported anymore. Backport of 565ad5ace46aa1e2368450701cba45dd1a95a026 from main	2022-06-01 12:15:27 +02:00
Mariusz Felisiak	e01b383e02	[3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive. Backport of 78eeff8d33ead67cfc8603477c95e70f8fbe096a from main	2022-04-11 10:36:52 +02:00
Mariusz Felisiak	ac2fb5ccb6	[3.2.x] Post-release version bump.	2022-04-11 09:21:27 +02:00
Mariusz Felisiak	08e6073f87	[3.2.x] Bumped version for 3.2.13 release. 3.2.13	2022-04-11 09:13:55 +02:00
Mariusz Felisiak	9e19accb6e	[3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. Backport of 6723a26e59b0b5429a0c5873941e01a2e1bdbb81 from main.	2022-04-11 09:12:58 +02:00
Mariusz Felisiak	2044dac5c6	[3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.	2022-04-11 09:12:06 +02:00
Manel Clos	bdb92dba0b	[3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129. Backport of 62739b6e2630e37faa68a86a59fad135cc788cd7 from main.	2022-04-11 08:34:01 +02:00
Mariusz Felisiak	70035fb044	[3.2.x] Added stub release notes for 3.2.13 and 2.2.28. Backport of 78277faafd38d8360efc1fd0c9c52d7bb5eec002 from main	2022-04-04 10:51:06 +02:00
Mariusz Felisiak	7e7ea71a8d	[3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40. Backport of abfdb4d7f384fb06ed9b7ca37b548542df7b5dda from main	2022-03-26 12:29:03 +01:00

1 2 3 4 5 ...

29519 Commits